From c6b8ccab6a421a808b05a218cdf378d1f7616a9d Mon Sep 17 00:00:00 2001 From: David Coutadeur Date: Fri, 13 Sep 2024 18:22:38 +0200 Subject: [PATCH] use cache functions from ltb-common (#979) --- htdocs/index.php | 10 +------ htdocs/resetbytoken.php | 7 ++--- htdocs/sendsms.php | 62 +++++++++++++++++++---------------------- htdocs/sendtoken.php | 21 +++++++------- lib/cache.php | 35 ----------------------- 5 files changed, 43 insertions(+), 92 deletions(-) delete mode 100644 lib/cache.php diff --git a/htdocs/index.php b/htdocs/index.php index dcda23cd..5d416f8a 100644 --- a/htdocs/index.php +++ b/htdocs/index.php @@ -15,9 +15,6 @@ #============================================================================== require_once("../vendor/autoload.php"); require_once("../lib/functions.inc.php"); -require_once(__DIR__."/../lib/cache.php"); - -use Symfony\Component\Cache\Adapter\FilesystemAdapter; #============================================================================== # VARIABLES @@ -125,12 +122,7 @@ #============================================================================== # Cache Config #============================================================================== -$sspCache = new FilesystemAdapter( - $namespace = 'sspCache', - $defaultLifetime = 0, - $directory = null -); -$sspCache->prune(); +$sspCache = new \Ltb\Cache( 'sspCache', 0, null ); #============================================================================== # Captcha Config diff --git a/htdocs/resetbytoken.php b/htdocs/resetbytoken.php index bf0f4f70..fe50a6ed 100644 --- a/htdocs/resetbytoken.php +++ b/htdocs/resetbytoken.php @@ -54,9 +54,8 @@ # select token in the cache # will gather login,time and smstoken values from session. - $cached_token = $sspCache->getItem($tokenid); - $cached_token_content = $cached_token->get(); - if($cached_token->isHit()) + $cached_token_content = $sspCache->get_token($tokenid); + if($cached_token_content) { $login = $cached_token_content['login']; } 
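Review bot: The explicit `$sspCache->prune();` call is dropped from the Cache Config block of htdocs/index.php, and nothing in this patch shows that `\Ltb\Cache` prunes expired entries when it is constructed. Entries that are never read again would then stay on disk, and these entries hold logins and SMS or reset token data. If the wrapper does not prune, keep the call through the adapter it exposes, `$sspCache->cache->prune();`. The positional arguments also lost the labels the old code gave them, so a comment such as `# args: namespace, default lifetime, directory` above the constructor call would help.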
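Review bot: `if($cached_token_content)` in htdocs/resetbytoken.php replaces the explicit `isHit()` test with a truthiness check, and the next line indexes `['login']` without confirming the shape of what `get_token` returned. A stricter guard such as `if (is_array($cached_token_content) && isset($cached_token_content['login']))` keeps a cache miss and a malformed entry on the same rejection path. The same pattern appears in the `@@ -88,10 +88,9 @@` hunk of htdocs/sendsms.php, where `['smstoken']` is read as well. What `get_token` returns on a miss is not visible in this patch, so this assumes a falsy value.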
@@ -178,7 +177,7 @@ # Delete token if all is ok if ( $result === "passwordchanged" ) { - $sspCache->deleteItem($tokenid); + $sspCache->cache->deleteItem($tokenid); } #============================================================================== diff --git a/htdocs/sendsms.php b/htdocs/sendsms.php index e007780a..1840c802 100644 --- a/htdocs/sendsms.php +++ b/htdocs/sendsms.php @@ -72,7 +72,7 @@ if ((!$login) and (!$phone)){ if(!$sms_use_ldap) { - $formtoken = generate_form_token($sspCache, $cache_form_expiration); + $formtoken = $sspCache->generate_form_token($cache_form_expiration); } $result = "emptysendsmsform"; } @@ -88,10 +88,9 @@ $tokenid = decrypt($token, $keyphrase); # Get session from cache - $cached_token = $sspCache->getItem($tokenid); - $cached_token_content = $cached_token->get(); + $cached_token_content = $sspCache->get_token($tokenid); - if($cached_token->isHit()) + if($cached_token_content) { $login = $cached_token_content['login']; $sessiontoken = $cached_token_content['smstoken']; @@ -109,8 +108,7 @@ # To have only x tries and not x+1 tries if ($attempts < ($sms_max_attempts_token - 1)) { $cached_token_content['attempts'] = $attempts + 1; - $cached_token->set($cached_token_content); - $sspCache->save($cached_token); + $sspCache->save_token($cached_token_content, $tokenid); $result = "tokenattempts"; error_log("SMS token $smstoken not valid, attempt $attempts"); } else { @@ -126,11 +124,11 @@ } if ( $result === "tokennotvalid" ) { # Remove token - $sspCache->deleteItem($tokenid); + $sspCache->cache->deleteItem($tokenid); } if ( $result === "" ) { # Remove token - $sspCache->deleteItem($tokenid); + $sspCache->cache->deleteItem($tokenid); $result = "buildtoken"; } } elseif (isset($_REQUEST["encrypted_sms_login"])) { @@ -149,7 +147,7 @@ }else{ if(!$sms_use_ldap) { - $formtoken = generate_form_token($sspCache, $cache_form_expiration); + $formtoken = $sspCache->generate_form_token($cache_form_expiration); } $result = "emptysendsmsform"; } 
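Review bot: `$sspCache->cache->deleteItem($tokenid);` reaches through the wrapper's `cache` property and discards the boolean that PSR-6 `deleteItem` returns, here and in both removal branches of the `@@ -126,11 +124,11 @@` hunk of htdocs/sendsms.php. Deleting the entry is what makes a reset token single-use, so a delete that fails silently can leave the token accepted until the entry expires. Consider `if (!$sspCache->cache->deleteItem($tokenid)) { error_log("could not delete used token from cache"); }`, without writing the token id to the log. If the wrapper can offer a deletion method next to `get_token` and `save_token`, calling that instead would keep the adapter an implementation detail.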
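Review bot: The re-save after a failed attempt in the `@@ -109,8 +108,7 @@` hunk, `$sspCache->save_token($cached_token_content, $tokenid);`, passes no lifetime, while the calls that create entries pass `$cache_token_expiration` or `$cache_form_expiration` as the third argument. Whether the entry keeps its original expiry or falls back to the default lifetime of 0 given in htdocs/index.php depends on `save_token`, which is not visible in this patch. If the expiry is not preserved, pass it explicitly, for example `$sspCache->save_token($cached_token_content, $tokenid, $cache_token_expiration);`, or better the time remaining computed from the stored `time` field. Otherwise a token with a wrong guess recorded against it could outlive the intended window. The enclosing branch starts and ends outside the hunk.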
@@ -195,7 +193,7 @@ $smsdisplay = substr_replace($sms, '****', 4 , 4); } - $formtoken = generate_form_token($sspCache, $cache_form_expiration); + $formtoken = $sspCache->generate_form_token($cache_form_expiration); $result = "smsuserfound"; } @@ -213,7 +211,7 @@ #============================================================================== if ($result === "sendsms") { $formtoken = strval($_REQUEST["formtoken"]); - $formtoken_result = verify_form_token($sspCache, $formtoken); + $formtoken_result = $sspCache->verify_form_token($formtoken); if($formtoken_result == "invalidformtoken") { $result = $formtoken_result; @@ -227,18 +225,17 @@ # Generate sms token $smstoken = generate_sms_token($sms_token_length); - # Create temporary session to avoid token replay - $smstoken_session_id = hash('sha256', bin2hex(random_bytes(16))); - $smscached_token = $sspCache->getItem($smstoken_session_id); - $smscached_token->set([ - 'login' => $login, - 'smstoken' => $smstoken, - 'time' => time(), - 'attempts' => 0 - ]); - $smscached_token->expiresAfter($cache_token_expiration); - $sspCache->save($smscached_token); - error_log("generated cache entry with id: " . $smstoken_session_id. " for storing step 'send sms' of password reset by sms workflow, valid for $cache_token_expiration s"); + + $smstoken_session_id = $sspCache->save_token( + [ + 'login' => $login, + 'smstoken' => $smstoken, + 'time' => time(), + 'attempts' => 0 + ], + null, + $cache_token_expiration + ); $data = array( "sms_attribute" => $sms, "smsresetmessage" => $messages['smsresetmessage'], "smstoken" => $smstoken) ; 
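Review bot: The why-comment `# Create temporary session to avoid token replay` is removed together with the old code in the `@@ -227,18 +225,17 @@` hunk, which leaves the new `save_token(...)` call unexplained. I would keep that comment above the call and add `# id argument is null: save_token appears to generate the session id and return it`. The id used to be derived from `random_bytes(16)` in this file, and since it identifies the reset session it is worth confirming that the library also draws it from a CSPRNG. The same applies to the `buildtoken` block in `@@ -291,16 +288,15 @@` and to the `save_token` call in htdocs/sendtoken.php.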
@@ -291,16 +288,15 @@ #============================================================================== if ($result === "buildtoken") { - $smstoken_session_id = hash('sha256', bin2hex(random_bytes(16))); - $smscached_token = $sspCache->getItem($smstoken_session_id); - $smscached_token->set([ - 'login' => $login, - 'time' => time(), - 'smstoken' => $smstoken - ]); - $smscached_token->expiresAfter($cache_form_expiration); - $sspCache->save($smscached_token); - error_log("generated cache entry with id: " . $smstoken_session_id. " for storing step 'password change' of password reset by sms workflow, valid for $cache_form_expiration s"); + $smstoken_session_id = $sspCache->save_token( + [ + 'login' => $login, + 'time' => time(), + 'smstoken' => $smstoken + ], + null, + $cache_form_expiration + ); $token = encrypt($smstoken_session_id, $keyphrase); diff --git a/htdocs/sendtoken.php b/htdocs/sendtoken.php index e15fdeeb..111ca4bb 100644 --- a/htdocs/sendtoken.php +++ b/htdocs/sendtoken.php @@ -57,7 +57,7 @@ $result = "emptysendtokenform"; - $formtoken = generate_form_token($sspCache, $cache_form_expiration); + $formtoken = $sspCache->generate_form_token($cache_form_expiration); } # Check the entered username for characters that our installation doesn't support @@ -71,7 +71,7 @@ if ( !$result ) { $formtoken = strval($_REQUEST["formtoken"]); - $result = verify_form_token($sspCache, $formtoken); + $result = $sspCache->verify_form_token($formtoken); } #============================================================================== 
@@ -167,20 +167,19 @@ if ( !$result ) { # Use cache to register token sent by mail - $token_session_id = hash('sha256', bin2hex(random_bytes(16))); + $token_session_id = $sspCache->save_token( + [ + 'login' => $login, + 'time' => time() + ], + null, + $cache_token_expiration + ); if ( $crypt_tokens ) { $token = encrypt($token_session_id, $keyphrase); } else { $token = $token_session_id(); } - $cached_token = $sspCache->getItem($token_session_id); - $cached_token->set([ - 'login' => $login, - 'time' => time() - ]); - $cached_token->expiresAfter($cache_token_expiration); - $sspCache->save($cached_token); - error_log("generated cache entry with id: " . $token_session_id. " for storing password reset by mail workflow, valid for $cache_token_expiration s"); } diff --git a/lib/cache.php b/lib/cache.php deleted file mode 100644 index e6644c3d..00000000 --- a/lib/cache.php +++ /dev/null @@ -1,35 +0,0 @@ -getItem($formtoken); - $cachedToken->set($formtoken); - $cachedToken->expiresAfter($cache_form_expiration); - $sspCache->save($cachedToken); - error_log("generated form token: " . $formtoken . " valid for $cache_form_expiration s"); - return $formtoken; -} - -function verify_form_token($sspCache, $formtoken) -{ - $formtoken = strval($_REQUEST["formtoken"]); - $result = ""; - $cachedToken = $sspCache->getItem($formtoken); - if( $cachedToken->isHit() && $cachedToken->get() == $formtoken ) - { - # Remove session - $sspCache->deleteItem($formtoken); - } - else - { - error_log("Invalid form token: sent: $formtoken, stored: " . $cachedToken->get()); - $result = "invalidformtoken"; - } - return $result; -} - -?>
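Review bot: In the `else` branch kept as context in htdocs/sendtoken.php, `$token = $token_session_id();` calls the id string as a function, so with `$crypt_tokens` disabled the request fails with an undefined-function error instead of producing a token. It should be a plain assignment, `$token = $token_session_id;`. The line predates this patch, but the hunk rewrites the statement directly above it, so this is a natural place to fix it. The return value of `save_token` is also used without a check, so a failed cache write would still send out a link; a guard such as `if (!$token_session_id) { ... }` before building `$token` would cover that, assuming the method signals failure with a falsy value.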